on 08-19-2009 2:30 PM
Hello. Is it possible to export the Private Key from, say, my J2EE engine (I'm running a dual stack) and import it into my ABAP instance so that both systems use the same Private Key? They both have the same host name.
This is answered. The solution was to create the key in ABAP, get the signed Cert and then export the pair and import it into J2EE.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
I guess its possible. Please correct me if i am wrong.
Please keep in mind, that simply importing a certificate as a certificate response won't work in this situation, since the public key from your CA and the public key in the individual PSEs already existing on the respective servers won't match.
following steps all the key pairs and certificates that are currently stored in the SSL Server PSEs on the target systems will be removed. If you want to keep them, you'll need to export them to a safe place.
Step 1: import the key pair into a PSE
Since pl.16 of SAPCRYPTOLIB, key pairs given in the format PKCS#12 can be imported into a PSE (note 745063). Since pl.24 of SAPCRYPTOLIB, also the import of key pairs given as PKCS#5, PKCS#8 or OpenSSL-PEM is supported (note 1159829).
Step 2: import the PSE resulting from Step 1) into the system's database All PSEs that are known to transaction STRUST will be exported from the database and distributed to the application servers at system startup. The related PSE files will be overwritten. So, the PSE resulting from the key pair import in step 1) needs to be imported into the database.
You'll need to go through a procedure similar to the one described in note 1178155, step 3.
- Copy the PSE from step 1) to your workstation/PC
- Start transaction STRUST
- Doubleclick the "FILE" icon in the navigation area (left hand side)
- Select the PSE on your workstation/PC
- Execute the menu item "PSE --> save as..." and choose the SSL Server
PSE as target. This will save the PSE from step 1 as SSL Server
standard PSE.
- The following step is a modification from note 1178155 which is
only applicable in your special situation: right mouse button click
on the SSL Server PSE entry in the navigation area. From the context
menu appearing, select "Change".
- Remove the distinguished names from all application server specific
PSEs in the list. Pressing the green tick mark ('save') will remove
all application server specific SSL Server PSEs, so the system is
forced to use the SS Server standard PSE instead.
Don't forget to restart the ICM in order to make your changes become effective.
Regards,
Jazz
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
Hi Jon,
I hope it should be possible.
I have successfully done the other way. i.e Export the key from ABAP stack and put it onto Java stack so that the same certificate is used on both the stacks.
The other way also should be possible. Export the Private key from java stack as a .pfx file and import it into Server PSE in strust.
Let me know if it is successful.
Regards
Raghu.
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.
User | Count |
---|---|
95 | |
11 | |
10 | |
9 | |
9 | |
7 | |
6 | |
5 | |
5 | |
4 |
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.